Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow Service Brokers to indicate the state of a Service Instance after a failed update or deprovisioning #637

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 48 additions & 2 deletions spec.md
Original file line number Diff line number Diff line change
Expand Up @@ -328,6 +328,9 @@ For error responses, the following fields are defined:
| --- | --- | --- |
| error | string | A single word in camel case that uniquely identifies the error condition. If present, MUST be a non-empty string. |
| description | string | A user-facing error message explaining why the request failed. If present, MUST be a non-empty string. |
| instance_usable | boolean | If an update or deprovisioning operation failed, this flag indicates whether or not the Service Instance is still usable. If `true`, the Service Instance can still be used, `false` otherwise. This field MUST NOT be present for errors of other operations. Defaults to true. |
| update_repeatable | boolean | If an update operation failed, this flag indicates whether this update can be repeated or not. If `true`, the same update operation MAY be repeated and MAY succeed; if `false`, repeating the same update operation will fail again. This field MUST NOT be present for errors of other operations. Defaults to true. |
| retry_after | integer | This field suggests how long (in seconds) the Platform SHOULD wait until it repeats the operation. If this a negative number, the Platform SHOULD NOT automatically repeat the operation. Defaults to 0 seconds. |
Copy link
Member

@tinygrasshopper tinygrasshopper Mar 12, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not getting the negative number bit for retry_after, is that indicating the same thing as update_repeatable is false?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a difference. update_repeatable indicates wether a repeated update has a chance to succeed or not. A negative retry_after value indicates that even if a subsequent update could succeed, the platform should not automatically retry it.


### Error Codes

Expand Down Expand Up @@ -772,15 +775,20 @@ For success responses, the following fields are defined:
| Response Field | Type | Description |
| --- | --- | --- |
| state* | string | Valid values are `in progress`, `succeeded`, and `failed`. While `"state": "in progress"`, the Platform SHOULD continue polling. A response with `"state": "succeeded"` or `"state": "failed"` MUST cause the Platform to cease polling. |
| description | string | A user-facing message that can be used to tell the user details about the status of the operation. |
| description | string | A user-facing message that can be used to tell the user details about the status of the operation. If present, MUST be a non-empty string. |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The description field appears twice in this section. Conflict resolution artifact?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Fixed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great! Thank you!

| instance_usable | boolean | If an update or deprovisioning operation failed, this flag indicates whether or not the Service Instance is still usable. If `true`, the Service Instance can still be used, `false` otherwise. This field MUST NOT be present for errors of other operations. Defaults to true. |
| update_repeatable | boolean | If an update operation failed, this flag indicates whether this update can be repeated or not. If `true`, the same update operation MAY be repeated and MAY succeed; if `false`, repeating the same update operation will fail again. This field MUST NOT be present for errors of other operations. Defaults to true. |
| retry_after | integer | If an operation failed, this field suggests how long (in seconds) the Platform SHOULD wait until it repeats the operation. If this a negative number, the Platform SHOULD NOT automatically repeat the operation. Defaults to 0 seconds. |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why we have retry_after as a new field in the body and not using the Retry-After header as per #621?

Maybe the second sentence should be If this is a negative number....

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@georgi-lozev the retry_after field if for when the update operation itself has to be retried whereas the Retry-After is to retry the last operation polling.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I get the idea.

My question is why we won't re-use the same mechanism with the header to retry the update operation, but we introduce a new one, a field that is part of the body.
To me it looks like we can return a Retry-After header as part of the update operation to instruct the platform retrying after a given interval, same way as in last operation polling.

I don't think it's a showstopper, it's more kind of a nitpicking and aiming for some kind of consistency between implementing similar behaviors in the spec.


\* Fields with an asterisk are REQUIRED.

The response MAY also include the `Retry-After` HTTP header. This header will
indicate how long the Platform SHOULD wait before polling again and is
intended to prevent unnecessary, and premature, calls to the `last_operation`
endpoint. It is RECOMMENDED that the header include a duration rather than a
timestamp.

\* Fields with an asterisk are REQUIRED.


```
{
Expand Down Expand Up @@ -1179,6 +1187,36 @@ Responses with any other status code MUST be interpreted as a failure.
When the response includes a 4xx status code, the Service Broker MUST NOT
apply any of the requested changes to the Service Instance.

When an update fails, the Service Instance can still be usable or unusable
or its state could be unknown to the Platform. If a Service Instance became
unusable, another update MAY repair the Service Instance.
The Platform SHOULD NOT allow the creation of new bindings of an unusable
Service Instance until the instance has been deleted or repaired by a
subsequent update.
If the broker does not indicate in the
[Error response](#service-broker-errors) or
[Last Operation response](#polling-last-operation-for-service-instances)
whether the Service Instance is usable or not, the Platform SHOULD assume
it is still usable.

A failed update might be repeatable. If the Service Broker
indicates in the [Error response](#service-broker-errors) or
[Last Operation response](#polling-last-operation-for-service-instances)
that retrying this update does not make sense, the Platform SHOULD NOT
repeat this update.
For example, if a certain plan change is not supported by the
Service Broker, all subsequent attempts will always fail, and the
Platform SHOULD NOT retry this.
Other updates MAY be possible.

If an update is repeatable, the Service Broker MAY indicate whether
the update is repeatable immediately, after a certain period of time,
or after some manual intervention. If the Service Broker does not provide
this information, the Platform SHOULD assume that the update can be
repeated immediately.
Whether the Platform automatically repeats the update or not, is Platform
specific.

#### Body

For success responses, the following fields are defined:
Expand Down Expand Up @@ -1635,6 +1673,14 @@ $ curl 'http://username:password@service-broker-url/v2/service_instances/:instan
Responses with any other status code MUST be interpreted as a failure and the
Platform MUST remember the Service Instance.

When a deprovisioning fails, the Service Instance can still be usable or
unusable or its state could be unknown. If a Service Instance became unusable,
the Platform SHOULD NOT allow the creation of new bindings.
If the broker does not indicate in the [Error response](#service-broker-errors)
or [Last Operation response](#polling-last-operation-for-service-instances)
whether the Service Instance is usable or not, the Platform SHOULD assume it is
still usable.

#### Body

For success responses, the following fields are defined:
Expand Down